Forum Stats

  • 3,824,944 Users
  • 2,260,442 Discussions


Serialization Filter in Java 1.7.0_211?

BigBrew Member Posts: 1


Background info:  WebLogic 10.3.6 running under Java 1.7.0_211 on Solaris

We are seeing rejections from the Object Input Filter in our server log.  For example: filterCheck

INFO: ObjectInputFilter REJECTED: class java.rmi.server.RemoteObjectInvocationHandler, array length: -1, nRefs: 7, depth: 2, bytes: 230, ex: n/a

My questions are fairly basic:  Both the jdk.serialFilter and the sun.rmi.registry.registryFilter properties are NOT set via the command line nor in the file (commented out).  So why is any filtering occurring at all?  I've been down the rabbit hole of the JDK source for and a decompiled sun.misc.ObjectInputFilter.  I cannot see where any filtering should be occurring if the filter property is not set.  Is there a default being set somewhere?  I've attempted to open up the filtering by setting jdk.serialFilter=* in the file, but that just caused the server to fail start up due to a reject on a "null" class: filterCheck

INFO: ObjectInputFilter REJECTED: null, array length: -1, nRefs: 501, depth: 13, bytes: 7948, ex: n/a

Any insight would be appreciated.